Messages

For others who run into this issue. It is caused by setting a chromium flag:

You cannot view this attachment.

If you set it wrong you will get this problem on selection boxes that the browser can't guess at the autofill.

They are from 25.10

There was a BF sale last year. Do you think there will be another again this year?

Hi, I'm having a similar problem to what was described by https://forum.opnsense.org/index.php?topic=16955.0 but my problem browser is Vivalidi.

Is there a solution to many of the drop down menu's having this display error on the Opnsense side or do I need to ask at the browser's forum?

This issue only shows up in Opnsense and not on other sites including internal ones I'm running.

Opnsense 25.10 Business edition on DEC 850v2

Anyone found a fix? this is annoying

Code Select Expand

***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 25.4.3 (amd64) at Fri Sep 19 20:15:56 CDT 2025
Strict TLS 1.3 and CRL checking is enabled.
Fetching subscription information, please wait... done
Fetching changelog information, please wait... done
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 908 packages processed.
Updating SunnyValley repository catalogue...
Certificate verification failed for /CN=85bd57b0.sni.cloudflaressl.com (44)
00200157A62F0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
Certificate verification failed for /CN=85bd57b0.sni.cloudflaressl.com (44)
00200157A62F0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
Certificate verification failed for /CN=85bd57b0.sni.cloudflaressl.com (44)
00200157A62F0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
Certificate verification failed for /CN=85bd57b0.sni.cloudflaressl.com (44)
00200157A62F0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
Certificate verification failed for /CN=85bd57b0.sni.cloudflaressl.com (44)
00200157A62F0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
Certificate verification failed for /CN=85bd57b0.sni.cloudflaressl.com (44)
00200157A62F0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
pkg: https://updates.zenarmor.net/opnsense/FreeBSD:14:amd64/25.1/${SUBSCRIPTION}/meta.txz: Authentication error
repository SunnyValley has no meta file, using default settings
Certificate verification failed for /CN=85bd57b0.sni.cloudflaressl.com (44)
00200157A62F0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
Certificate verification failed for /CN=85bd57b0.sni.cloudflaressl.com (44)
00200157A62F0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
Certificate verification failed for /CN=85bd57b0.sni.cloudflaressl.com (44)
00200157A62F0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
pkg: https://updates.zenarmor.net/opnsense/FreeBSD:14:amd64/25.1/${SUBSCRIPTION}/packagesite.pkg: Authentication error
Certificate verification failed for /CN=85bd57b0.sni.cloudflaressl.com (44)
00200157A62F0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
Certificate verification failed for /CN=85bd57b0.sni.cloudflaressl.com (44)
00200157A62F0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
Certificate verification failed for /CN=85bd57b0.sni.cloudflaressl.com (44)
00200157A62F0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
pkg: https://updates.zenarmor.net/opnsense/FreeBSD:14:amd64/25.1/${SUBSCRIPTION}/packagesite.txz: Authentication error
Unable to update repository SunnyValley
Error updating repositories!
Checking integrity... done (0 conflicting)
Your packages are up to date.
***DONE***

So business edition users on the newest 24.5.3 release should do what to prevent issues for the next few months to a year?

Also having this error on 24.5.3 and trying all the commercial repos.

The fear mongering is justified, if it is still writing or has just erased the eeprom, you would end up with an unbootable device. Not sure what the hard recovery process might be, but it could involve a hardware programmer.

Given that twice in a row now I've had this reach 100% and then do nothing but be absolutely fine with pulling the power I feel like this is either over doing the warnings and being too absolute and pushy or they need to be figuring out and fixing why the DEC850 is doing this as I won't be lucky another time.

So I did the new v17 BIOS https://docs.opnsense.org/hardware/bios.html for the DEC800 series and I had the same hang up as above where the DEC850v2 did not shutdown as per the instructions when I reached 100%. After letting it hang for an hour I did the power pulling again as per above directions and it rebooted and started up with the new BIOS version again.

I would recommend either giving me some troubleshooting steps to figure out why what I am seeing is not matching the BIOS update instructions or updating the instructions to be less explicit and fear mongering about the shutdown and powerdown steps!

Screwed up my courage and after working up to it for 6 hours on the backup device, pulled the power and plugged the DEC850 back in.

So far it shows it is on firmware version 16 and everything seems to be working after a complete restart of the entire network.

Going to monitor for a day but having the serial console do this was nerve wracking.

Will DEC800, DEC3800 & DEC4000 series also get an update soon?

New BIOS versions published for the following FWs:


DEC700 and DEC2700 series -- 04-2025 Version 33

Code Select Expand

BIOS Information
        Vendor: INSYDE Corp.
        Version: 05.38.26.0025-A10.33
        Release Date: 03/05/2025


DEC800 and DEC3800 & DEC4000 series -- 04-2025 Version 16

DEC4200 series -- 04-2025 Version 24



BIOS download page

So I am trying to update my DEC850 version 2 (the one with the 2.5Gbe ports) to version 16 of the BIOS and it has been showing 98% and hasn't powered down after nearly an hour.

I checked the checksum before extracting to a FAT32 16GB USB stick.

Do I have any hope, have I miss understood that the serial terminal should disconnect and the device completely power down?

Please consider to include also multicore support in home plan, thanks in advance :-)

I, too, hope that they will do that. For differentiation purposes they could limit the number of threads in the home edition to something like 4 or 8 and allow unlimited threads in their Enterprise edition.

I'm not a enterprise but I could use the multicore support at home. Even if they don't want it on the base Home plan it would be nice to have it accessible to Homelabs.

So I clicked on "click to check for update" on the lobby page and instead of finding nothing to update (as expected) I got the below error and it did not complete the check:

Code Select Expand

***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 25.4.1 (amd64) at Mon Jun  9 20:15:10 CDT 2025
Strict TLS 1.3 and CRL checking is enabled.
Fetching subscription information, please wait... done
Fetching changelog information, please wait... done
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 875 packages processed.
Updating SunnyValley repository catalogue...
Certificate verification failed for /CN=zenarmor.net (44)
0020611EE81C0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
Certificate verification failed for /CN=zenarmor.net (44)
0020611EE81C0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
Certificate verification failed for /CN=zenarmor.net (44)
0020611EE81C0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
Certificate verification failed for /CN=zenarmor.net (44)
0020611EE81C0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
Certificate verification failed for /CN=zenarmor.net (44)
0020611EE81C0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
Certificate verification failed for /CN=zenarmor.net (44)
0020611EE81C0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
pkg: https://updates.zenarmor.com/opnsense/FreeBSD:14:amd64/25.1/${SUBSCRIPTION}/meta.txz: Authentication error
repository SunnyValley has no meta file, using default settings
Certificate verification failed for /CN=zenarmor.net (44)
0020611EE81C0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
Certificate verification failed for /CN=zenarmor.net (44)
0020611EE81C0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
Certificate verification failed for /CN=zenarmor.net (44)
0020611EE81C0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
pkg: https://updates.zenarmor.com/opnsense/FreeBSD:14:amd64/25.1/${SUBSCRIPTION}/packagesite.pkg: Authentication error
Certificate verification failed for /CN=zenarmor.net (44)
0020611EE81C0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
Certificate verification failed for /CN=zenarmor.net (44)
0020611EE81C0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
Certificate verification failed for /CN=zenarmor.net (44)
0020611EE81C0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
pkg: https://updates.zenarmor.com/opnsense/FreeBSD:14:amd64/25.1/${SUBSCRIPTION}/packagesite.txz: Authentication error
Unable to update repository SunnyValley
Error updating repositories!
Checking integrity... done (0 conflicting)
Your packages are up to date.
***DONE***
Is this a me (I configured something wrong), a OPNSense, or a Zenarmor error?

That does not look consistent to me. Did you perform a fresh install? To which of the two drives? Why not a mirrored install right from the installer?
You can wipe both drives with nvmecontrol and finally they should both show up.

I did not wipe and reinstall as I got it booting from a live CD, figured out what was blocking nda0 and wiped it. and now want to restart from the original post (nda1 with original factory install, nvd0 blank) to prove the process for the next person who gets a factory Desico and wants to add mirroring of the nvmes.

[Wait]

So here is the revised plan to try this again:

Create partitions on new nvme:

Code Select Expand

gpart create -s gpt nda0
gpart add -s 532480 -t efi nda0
gpart add -s 1024 -t freebsd-boot nda0
gpart add -a 1m -s 8g -t freebsd-swap nda0
gpart add -a 1m -t freebsd-zfs nda0
create the zfs mirror with the two freebsd-zfs partitions to mirror the OS:

Code Select Expand

zpool attach zroot nda1p3 nda0p4
copy EFI partition:

Code Select Expand

dd if=/dev/nda0p1 of=/dev/nda1p1copy bootloader parition:

Code Select Expand

dd if=/dev/nda0p2 of=/dev/nda1p2
turn swap partition into mirrored device

Code Select Expand

gmirror load
swapoff -a
gmirror label -b round-robin swap nda1p4
gmirror configure -a swap
gmirror insert swap nda0p3
Wait for the resilvering to complete before proceeding with changing the old nvme to the standard partition format.

then stop the mirror operation on the old nvme:

Code Select Expand

zpool detach zroot nda1p3
unmirror swap to stop activity on old nvme:

Code Select Expand

gmirror stop swap
gmirror remove nda1p4
then nuke the partition table on the old nvme:

Code Select Expand

nvmecontrol format nvme1
then recreate the partition table on the old nvme following the standard

Code Select Expand

gpart create -s gpt nda1
gpart add -s 532480 -t efi nda1
gpart add -s 1024 -t freebsd-boot nda1
gpart add -a 1m -s 8g -t freebsd-swap nda1
gpart add -a 1m -t freebsd-zfs nda1
then zfs mirror the OS partiton:

Code Select Expand

zpool attach zroot nda0p4 nda1p4
now WAIT for resilvering to complete.

then copy the efi and boot partions to the old nvme:

Code Select Expand

dd if=/dev/nda1p1 of=/dev/nda0p1
dd if=/dev/nda1p2 of=/dev/nda0p2
then mirror the swap partitions:

Code Select Expand

gmirror load
swapoff -a
gmirror label -b round-robin swap nda0p3
gmirror configure -a swap
gmirror insert swap nda1p3
And NOW finally reboot?